DETAILED ACTION

1> This action is in response to Applicant's amendment, filed on 10.25.2007. Claims 1 and
9 are amended. Claims 1-16 are presented for further examination. 

2> This is a final rejection. 

Response to Arguments 

3> Applicant's arguments with respect to claims 1-16 have been considered but are moot
in view of the new ground(s) of rejection necessitated by Applicant's amendment. 

Applicant argues that Rabne is only compatible with entire files. The previous 
examiner asserted that Rabne's digitized data inherently contain "data blocks." In Applicant's 
arguments, filed on May 26, 2006, Applicant argues that Rabne does not operate on data 
blocks but teaches accessing entire files. It is well known in the art that digitized data, when 
transferred over a network, are transmitted as individual "blocks" of information such as 
packets. An entire file is not simply transferred but is split into a number of packets which 
are then transmitted individually. Thus, digitized data, when being accessed over a network, 
inherently contain blocks or packets. The new ground of rejection set forth in this action 
relies on a prior art reference that teaches the well known feature of enforcing access rights 
on a packet-by-packet basis. See the rejection that follows. 

Applicant also argues that the cited prior art references do not disclose enforcing the 
usage rights within an operating system kernel without application rewrites. According to 
Applicant's specification, "OS kernel-level control of files gives enterprises unparalleled 
power in their ability to avoid costly application compatibility rewrites and upgrades"
[Applicant's published application, 0122]. Applicant's specification suggests that avoiding 
application rewrites is merely an effect of performing the enforcement of usage rights within 
the kernel of the OS. This implication is supported by the well-known fact that files at the 
kernel level are always running while the system is operating. One of ordinary skill in the art 
would have reasonably concluded that any attempt to access those particular files at the 
kernel level would result in a crash of the system. Thus, as long as a prior art reference 
teaches "kernel-level control of files," the prior art implicitly teaches avoiding application 
rewrites as well. 

The previous examiner rejected the limitation as being well known in the art in light 
of the Chan reference in the final rejection filed on 9/19/2005. In addition, the newly cited 
reference in this Office action also teaches performing enforcement of usage rights within an 
OS kernel. See the rejection that follows. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4> Claims 1-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rabne et al. 
(U.S. Patent Number 6,006,332), hereinafter referred to as Rabne, in view of Chan et al. (U.S. 
Patent Number 6,505,300), hereinafter referred to as Chan, further in view of Taylor et al.,
U.S. Patent No. 6.728.885 ["Taylor"].

5> Rabne disclosed a system for controlling access to digitized data utilizing a secure 
rights management server. In an analogous art, Chan disclosed a method for providing 
restricted execution contexts for untrusted content in a network. Also in an analogous art, 
Taylor disclosed a system for filtering packets by utilizing, in part, a module operating at the 
kernel level to examine packets. 

6> Concerning claims 1 and 9, Rabne did not explicitly state a client module configured 
to interface to a client operating system kernel and configured to enforce a set of usage rights 
within the operating system kernel without application rewrites. However, allowing a 
system to enforce access rights in an operating system kernel is well known in the art as 
evidenced by Chan whose system uses a security mechanism at the operating system level to 
determine usage rights for users or processes. Further, as discussed above, the limitation 
"without application rewrites" is merely an effect of performing the enforcement within the 
OS kernel. Thus, since Chan discloses enforcing usage rights at the OS level, Chan 
implicitly teaches the limitation. 

It would have been obvious to one of ordinary skill in the art at the time of the 
applicant's invention to modify the system of Rabne by adding the ability to use a client 
module configured to interface to a client operating system kernel and configured to enforce 
a set of usage rights within the operating system kernel as provided by Chan. Here the
combination satisfies the need for a system to control and monitor the access and use of
restricted content on a network. See Rabne, column 3, lines 32-38. See also Taylor who
discloses that the kernel always runs when the system is operating [column 4 «lines 51-58»].

Application/Control Number: 09/989,479
Art Unit: 2152

7> Also concerning claims 1 and 9, the combination of Rabne and Chan did not explicitly 
state obtaining the content on an individual block basis and a set of access policies that 
comprise a set of predefined usage policies associated with the content for said user. Rabne, 
who teaches the distribution of intellectual property over a network, is not specific on how 
this content is transferred; for example Rabne is not specific as to whether it is transferred on 
an individual block basis. However, obtaining content comprising data blocks from content 
sources on an individual block basis is well known in the art as evidenced by Taylor whose 
system receives and filters each data packet (which are transmitted individually) as well as a 
set of access policies that comprise a set of predefined usage policies associated with the 
content for said user. Taylor's packets correspond to Applicant's claimed "block." 

It would have been obvious to one of ordinary skill in the art at the time of the 
applicant's invention to modify the combination of Rabne and Chan by adding the ability to 
obtain content on an individual block basis as well as the access policies that comprise 
predefined usage policies associated with the content for the user as provided by Taylor. 
Here the combination satisfies the need for a system to control and monitor the access and 
use of restricted content on a network. See Rabne, column 3, lines 32-38. The combination
also improves Rabne's system as it provides users the capability of dynamically filtering
individual packets [Taylor, column 4 «lines 8-12»].

8> Some claims will be discussed together. Those claims which are essentially the same
except that they set forth the claimed invention as a method are rejected under the same 
rationale applied to the described claim. 

9> Thereby, the combination of Rabne, Chan, and Taylor discloses: 
• <Claims 1 and 9>

A dynamic file access control and management system configured to access 
one or more content sources including a set of content, said system comprising: 

A. a proxy system linked to said one or more content sources, said proxy 
system comprising an access control module configured to selectively obtain content 
comprising data blocks from said content sources on an individual block basis as a 
function of an authorization of a user requesting said content and a set of access 
policies (Rabne, column 7, lines 5-9 and column 8, lines 55-67, where Taylor teaches
obtaining the data on an individual block basis, column 1 «lines 6y6$» | column 5
«lines 32-39») that comprise a set of predefined usage policies associated with the
content for said user (Taylor, column 2 «lines 37-44» : filtering packets based on
previously defined rules | column 12 «line 6$» to column 13 «line 2» : looking at the 
packet's contents to determine whether the packet should be filtered); 

B. a rights management module configured to generate a set of usage rights 
associated with said content as a function of a set of predefined usage policies 
associated with said content for said user (Rabne, column 8, lines 11-23);

C. at least one client device having a client module configured to interface to a
client operating system kernel, said client module configured to enforce the set of 
usage rights within the operating system kernel without application rewrites (Rabne, 
column 6, lines 31-45 and Chan, column 5, lines 32-55 and column 11, lines 52-62); and 

D. one or more communication means, via which said content and said usage 
rights are provided to said client device (Rabne, column 3, lines 52-59). 

• <Claims 2 and 10>

The system according to claim 1, wherein said content and said usage rights are
provided to said client device via different communication means (Rabne, column 10, 
lines 34-48). 

• <Claims 3 and 11>

The system according to claim 1, wherein said content includes static content 
(Rabne, column 6, lines 53-60). 

• <Claims 4 and 12>

The system according to claim 1, wherein said content includes dynamic 
content (Rabne, column 6, lines 53-60). 

• <Claims 5 and 13>

The system according to claim 1, wherein said communication means includes 
a secure transform configured to encrypt and encapsulate said content into a message 
as a function of a session ID and said client is configured to extract said content from 
said message (Rabne, column 7, lines 10-19).

• <Claims 6 and 14>

The system according to claim 1, wherein said proxy system further includes a 
user interface, configured to facilitate creation and editing of said access policies and 
said usage policies and association of said access policies and said usage policies with 
said content (Rabne, column 18, lines 20-32 and 50-67). 

• <Claims 7 and 15>

The system as in claim 1, wherein said client device is a device from a group 
comprising: 1) a personal computer; 2) a workstation; 3) a personal digital assistant; 4) 
an e-mail device; 5) a cellular telephone; 6) a Web enabled appliance; and 7) a server 
(Rabne, column 6, lines 31-45). 

• <Claims 8 and 16>

The system of claim 1, wherein said proxy system and at least one of said 
content sources are hosted on the same computing device (Rabne, figure 1b, item 22).

Since the combination of Rabne, Chan, and Taylor discloses all of the above limitations,
claims 1-16 are rejected.

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure:

Schneider et al., U.S. Patent No. 6.105.027;
Flint et al., U.S. Patent No. 6.453.419;
Wong, U.S. Patent No. 6.700.891;
Schwering, U.S. Patent No. 6.717.943;
Chernock et al., U.S. Patent No. 6.772.209;
Schales et al., U.S. Patent No. 7.200.684.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Dohm Chankong whose telephone number is 571.272.3942. 
The examiner can normally be reached on Monday-Friday [8:30 AM to 4:30 PM]. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Bunjob Jaroenchonwanit can be reached on 571.272.3913. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call 800-786-9199 (IN USA
OR CANADA) or 571-272-1000.

DC
1/6/08




